The month of October is known as Cybersecurity Awareness Month. Created as a collaborative effort between government and industry, it aims to raise awareness about the importance of cybersecurity. Cybersecurity is more critical now than ever. Ransomware, phishing, and malware are among the most common threats businesses face today.
Working from home increases the possibility of threats because employees are either outside the company’s network or are not as closely monitored as on-site employees. This can also lead to situations where information is unknowingly mishandled or unprotected.
Since the first week of Cybersecurity Awareness Month is devoted to being cyber smart, it’s imperative to understand the role human error plays in cybersecurity.
Types of Human Error
There are several types of human error that can occur within cybersecurity. These include:
- Sending data over unsecured networks
- Failing to regularly update operating systems and software
- Increasing reliance on messaging apps and email for sharing information
Another critical aspect of human error is password creation. Employees should be made aware of what constitutes a strong password and how often it needs to be changed. Other training should include how to recognize possible phishing emails and what to do when workers receive them. Having a plan in place that clearly addresses these issues will help decrease these types of human error.
Real Examples of Human Error
Human error is easier to make than one might think. There are countless stories about employees who receive emails that are reportedly from co-workers when they are really from an outside source. Sometimes all hackers need is a few pieces of information to do a lot of damage.
One IBM global survey found 95% of all security breaches cite human error as a major contributor. Reducing this human error helps protect against a wider range of threats by eliminating the cause.
One example of human error occurred when expired certificates at Equifax delayed breach detection. In spring 2017, the credit reporting agency was made aware of a vulnerability that affected some versions of Apache Struts. A mass internal email was sent out within the organization, which its IT security team should have used to resolve the issue. An automatic scan did not identify the vulnerability, and the device that inspected encrypted traffic was misconfigured due to an expired certificate.
These oversights gave an attacker access to the Equifax system for a two-month period. The organization was ultimately fined by the Information Commissioner’s Office.
Ways To Avoid Human Error
One way to avoid human error is to instruct employees not to write down passwords or store them on sticky notes or on the computer where they can be easily found. Another is to warn employees against opening attachments or links from unknown sources.
If you allow workers to use public Wi-Fi, require a VPN. Also, don’t allow workers to use external USB storage devices that aren’t approved by the IT department.
Employees should also be mindful of what they post online. Where possible, put safety measures in place.
In August 2018, human error played a central role in a major data breach when more than 300 student records were accidentally posted on the intranet by a Strathmore secondary college employee in Melbourne, Australia. These records included data about students’ medical conditions, such as ADHD, learning difficulties, and autism.
This information was accessible via the internet for around a day and had the potential to circulate widely.
To avoid human error, make sure all systems remain up to date. Conduct employee training regularly to raise awareness about various types of human error. Make sure employees have a way to report suspicious activity or emails. You also want to have a strategy in place to monitor and mitigate new threats.